Reconnaissance: Research phase used to identify and select targets by browsing websites to obtain names, emails, business and social relationships, and technical information.

Weaponization: The foreign intelligence entity assembles the payload and wrapper, such as coupling a remote access exploit with a prepared spear-phishing email.

Delivery: The foreign intelligence entity infects the target, most commonly using email, website hijacking, or removable media (through insiders).

Exploitation: Successful compromise of a targeted vulnerability to allow malicious code to be run.

Installation: Executed malicious code inserts malware, such as a Remote Access Trojan, or opens a backdoor connection to the target system; this may allow for persistence.

Command and Control (C2): The malware will communicate with a controller server to send or receive instructions from the foreign intelligence entity.

Actions on the Objective: After completing the above actions, the foreign intelligence entity can fulfill its requirements. Intelligence requirements can include exfiltration, using the system as a strategic position to compromise additional systems within the targeted network (hop-point), or sabotaging the system and network.

Countering Threats to Networks and Cleared Individuals

Employees

• Everyone is a potential target
• Use complex passwords, change them regularly, and don’t reuse them
• Be wary when connecting with unknown individuals on social networking sites
• Spear-phishing can happen on any account, including personal email accounts
– Do not open emails or attachments, or click links, from unfamiliar sources, even if they look official

Cyber Espionage: The act of obtaining, delivering, transmitting, communicating, or receiving information about the national defense using cyberspace with an intent, or reason to believe, that the information may be used to the injury of the United States or to the advantage of any foreign nation.

Cyberspace: A global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.